We've got a Facebook application that is embedded in a Facebook canvas page and therefore it is loaded inside an iframe. The application itself holds a flash, put in tag.

What happens is that when Http requests are made via the flash, cookie is not included in the request headers, so the server can't determine which the session is. This happens only in IE, with other browsers this problem is not reproduced.

I examined the requests made via IE and Chrome and they differ in several things, most notably in the absence of Cookie parameter in the IE one.

I ended up doing similar thing, I did not have the ability to add filter or web config change to add header value, so I did move the Facebook interaction to the page through Facebook Javascript and let the flash app communicate with JS to pull the data. thanks for the answer though.
–
LaithMay 3 '12 at 19:41